Don't delete disable admin directory!!

zzapper
Posts: 5
Joined: 12 Feb 2018, 10:00

Post by zzapper »

Mantis 2.11.0 clean install
I ran:

admin/check/index.php?show_all=0&show_errors=1
and got
For security reasons, you should delete (or at least restrict access to) the admin directory. Refer to the MantisBT Admin Guide for further details.

so I did a chmod on admin/ but that crashed Mantis because

login_page.php: require_once( 'admin/schema.php' );

Please clarify
or specify an appropriate chmod or move schema.php out of admin
Last edited by zzapper on 12 Feb 2018, 10:49, edited 1 time in total.
atrol
Site Admin
Posts: 8366
Joined: 26 Mar 2008, 21:37
Location: Germany

Re: Don't delete disable admin directory!!

Post by atrol »

zzapper wrote: 12 Feb 2018, 10:20 so I did a chmod on admin/
What exactly did you set?

Independent of that, the safest way is to remove the directory.
Please use Search before posting and read the Manual

Post by zzapper »

Atrol
Can't remember, maybe chmod 700, but the issue is that Mantis login requires /admin/schema.php

Post by atrol »

zzapper wrote: 12 Feb 2018, 10:32 but the issue is that Mantis login requires /admin/schema.php
It's not required if you remove the directory.

Post by atrol »

It's also not required if you chmod 000 for admin.

Post by zzapper »

Thanks Atrol

oh gosh that's a catch-22!

maybe the warning message in check.php should be more specific.

:)

Post by atrol »

zzapper wrote: 12 Feb 2018, 10:39 maybe the warning message in check.php should be more specific.
Any proposal?

Post by zzapper »

Atrol
I guess just delete it!

Post by atrol »

zzapper wrote: 12 Feb 2018, 10:50 just delete it!
This is no solution as it's intended to offer users the options to remove or to restrict.

Sometimes you need scripts from the admin folder later on for checks or to run tools in it.
It's easier to restrict by chmod and set back when needed than to restore exactly the same version of the admin folder that you removed.

It's better to keep it as it is at the moment, especially as there is an ongoing discussion about how to restrict by .htaccess https://www.mantisbt.org/bugs/view.php?id=23211

Post by zzapper »

I have now deleted the admin/ so am done, but 'chmod 000 admin/' didn't work for me; what I didn't try was 'chmod -R 000 admin/'.

Bye
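
The "restrict by chmod and set back when needed" option from the thread, scripted so the original mode is recorded before `chmod 000` and can be put back later. This is an added example, not part of the thread and not MantisBT project code; the function names and the `.admin_mode.saved` file are hypothetical, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example; names below are hypothetical, GNU stat (-c) is assumed.
SAVED_NAME=".admin_mode.saved"   # sidecar file kept next to admin/

# Print "removed", "restricted" (mode 000) or "mode NNN" for a directory.
admin_state() {
    dir=$1
    [ -e "$dir" ] || { echo "removed"; return 0; }
    mode=$(stat -c '%a' "$dir") || return 1
    case "$mode" in
        0|000) echo "restricted" ;;
        *)     echo "mode $mode" ;;
    esac
}

# Record the current mode, then chmod 000 the directory itself (not -R).
admin_restrict() {
    dir=$1
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 1; }
    mode=$(stat -c '%a' "$dir") || return 1
    # Already restricted: keep the previously saved mode untouched.
    case "$mode" in 0|000) return 0 ;; esac
    printf '%s\n' "$mode" > "$(dirname "$dir")/$SAVED_NAME" || return 1
    chmod 000 "$dir"
}

# Put back the recorded mode when admin/ scripts are needed again.
admin_restore() {
    dir=$1
    saved="$(dirname "$dir")/$SAVED_NAME"
    [ -f "$saved" ] || { echo "no saved mode for $dir" >&2; return 1; }
    mode=$(cat "$saved")
    # Accept only a 3- or 4-digit octal mode from the sidecar file.
    case "$mode" in
        [0-7][0-7][0-7]|[0-7][0-7][0-7][0-7]) ;;
        *) echo "unexpected saved mode: $mode" >&2; return 1 ;;
    esac
    chmod "$mode" "$dir" && rm -f "$saved"
}
```

Run `admin_state admin` after each step to confirm which of the three states the directory is in before re-running admin/check.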